Stanford Web Security Research

SafeLock: Detecting Mixed Content

Goal

When a document embeds insecure content, the browser should revoke
the capability to display a lock icon from all documents in the same
security origin as the contaminated document. This mitigation is
possible because the capability to display a lock icon is revocable.

We have implemented a experimental prototype of lock icon
revocation as a Firefox browser extension: